Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

5b5fb970f0...18.exe

windows7-x64

7

5b5fb970f0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 09:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe

  • Size

    142KB

  • MD5

    5b5fb970f054d8c8bdb3d75cd246c497

  • SHA1

    9f21eda6810d55f0461581236778a16b1c5b2576

  • SHA256

    0a490e3c9806bd30951c5f4aff365a50de18e9bc46077b51b1241b102e3626d5

  • SHA512

    359049be3ed61228cd39d6eecc39097fad04b4a6d8d9beb4872238096d1a19a251e66185f40357649af5e15cad6aa4185e757f23a97f02e0d2644a2691a6ee09

  • SSDEEP

    3072:Tqc5vBAaDGRpEKXRGCO/kPEImUfkc1Jc6C9WdtH00dqKPiasESijU44XEFv1StH:VFypvA4MVOkQJc6CEQEnPixEvQEFv1St

Score
7/10
aspackv2persistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 384
      2⤵
      • Program crash
      PID:2420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4696
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0b746f8,0x7ffff0b74708,0x7ffff0b74718
        3⤵
          PID:1700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
          3⤵
            PID:3104
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4036
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
            3⤵
              PID:4032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              3⤵
                PID:4172
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                3⤵
                  PID:4684
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                  3⤵
                    PID:2588
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
                    3⤵
                      PID:440
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4104 /prefetch:8
                      3⤵
                        PID:392
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                        3⤵
                          PID:5096
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                          3⤵
                            PID:3220
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                            3⤵
                              PID:3804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                              3⤵
                                PID:1528
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                3⤵
                                  PID:4344
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10144633805368835909,3028766787361953466,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6000
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4192 -ip 4192
                              1⤵
                                PID:1916
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4544
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2488
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1784
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x424 0x418
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4088

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      10fa19df148444a77ceec60cabd2ce21

                                      SHA1

                                      685b599c497668166ede4945d8885d204fd8d70f

                                      SHA256

                                      c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

                                      SHA512

                                      3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      75c9f57baeefeecd6c184627de951c1e

                                      SHA1

                                      52e0468e13cbfc9f15fc62cc27ce14367a996cff

                                      SHA256

                                      648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

                                      SHA512

                                      c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      456B

                                      MD5

                                      4aecc515fb967b5973ea08c0e2a383f2

                                      SHA1

                                      ff62fa5ae96a94ba92d5d55bc53f617a8ff9716f

                                      SHA256

                                      fe15ef69258ef244bd247f0c836b3458cc25817a1fd7913e91cf59ec5cc3279d

                                      SHA512

                                      2bcba8cc60ca2c22522d6fe3ac9688b2d517d8c0067233b2f3d40a3fa98542c9fb5715df46d7b9d2e84fba311d20a8a303263f94758183d2b31e40a24a210114

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      daf17854ae5f8a3a9fc0c92cac63e627

                                      SHA1

                                      49f35e59ca3b990b2879812e3543fdaa7a1d8ee9

                                      SHA256

                                      39aa47068915c79ece74a5970515f1c6efa9fffccc039d840cb58aa357c8df78

                                      SHA512

                                      6cdceadad9e7ae4c92672b53551e5668b785add11ebec12affe9cb1a5f7faf3e678b9377316d6739428038f7069656f65098958bb6ad9ef30d12960f2dacd5e0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      e395f352caa7d417a881a3088a830316

                                      SHA1

                                      7ecb04e10d63a69e0f62bca396cb655e0a74fe25

                                      SHA256

                                      6fc84efe2c115b3305f651b36f0fc200114529d3a4c83b84de0522a019215286

                                      SHA512

                                      16697db75ef772b7c65cdc201782f0d6c9ba7e5f2723a2a4ded51a59111b07b5d46f91e2f69e778367e42df5cb815d4249348d9fe6692181cd640954a3e526fd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      61140ede0d847aead88bbf1f500d7f86

                                      SHA1

                                      844ef590718b4bea12f1bfa799222275f3cc777a

                                      SHA256

                                      c86e2c3fb2e45b40341a81e753e833d7bfb55938efd46636b6e731d04e4eda1c

                                      SHA512

                                      c8b585ab747aaa35b8761ce91b3f1169c08c6cbd823c93ccbfffbbc080dd9ee14a5a4fd4bdc0fa63ddacc3534b0b741c79b1535a9f23a65521dcf0fdf3ff5fe7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      0e88910b8c2287dfa2add3350f809f4d

                                      SHA1

                                      0ff112c8a8c3e1a39e9b0ef4329d001a8cdbfa91

                                      SHA256

                                      ea0d487f8ffbad094f8af1566065fe9948cbf45b81ce60fab3352f54ff811a5c

                                      SHA512

                                      77e10d0a2e1a26396158b2efdf1ae6e247007e3801f998a6284befe3f760d06c28202a0c26f0ed0a27a112004f00b3a8ba1a77688f90ce2566dbe321bf7071fa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9e669386-ebe8-47e6-b305-a004b03525e3\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      c06d950d535539bc6b114d51145c2357

                                      SHA1

                                      6886658e33accf6ffab18b4f5a16e89d9e0471df

                                      SHA256

                                      312c8b80bc16501342686831317d08d61258e507ff6092297b3fb005730bc96a

                                      SHA512

                                      e15a01a1e423c96dc0c0dfc985a00a1858fb4460fe2ce3e297814f3cc0d72757b3dba85b8034be8810506711c2cfa1fd366eb038ccfc07c66a6bcb5fc7f829ab

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9e669386-ebe8-47e6-b305-a004b03525e3\index-dir\the-real-index~RFe5851c5.TMP
                                      Filesize

                                      48B

                                      MD5

                                      6da45160baf2827a65a1366eb7864109

                                      SHA1

                                      a07c122c18d260e178edff5c5e5fe89b141ffb87

                                      SHA256

                                      96f829ec1fde0e6688721292e64d453e18fcf88424b25144c661c8c73d8ae392

                                      SHA512

                                      d2fc198a41c0f37d9ab806246286deb9794cc8eb505a7efd4105b9076b65cb6b7a6dc97ab2938bb704871a9682ce75a73fa604cc1a470d8cc39e4c69fd4b85ea

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      146B

                                      MD5

                                      ce97f71ffc414cbce37c1a1fb5e152da

                                      SHA1

                                      1dc740b5c6a869af8eaab61d285370af0aa16d2f

                                      SHA256

                                      9831d5215ac9aaefa9c4b315fca96c4e27c5b54ba2929ca359f0a326e590c678

                                      SHA512

                                      66efc0d14b3d8bec0201a236f41df7a820ca6bbd5dede26fc09d0b4902302bc3ae92b1e57113aac5489b324aede0eae2dd4e6d1e30d3885f9a810f276728a1bb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      82B

                                      MD5

                                      0f48d57fa9b645544451b50d15a66b9e

                                      SHA1

                                      45ef49a095a76af9b1e7434feb6bd5033251f73b

                                      SHA256

                                      efb891bd91b3efca9dab6428a6e36848ccd34c64cf3ab2aec1973b0e24645094

                                      SHA512

                                      18800a63ccf1a66e0dedbae33c5936aa83216913fa595175171f2bbe74cafb721f044d7440df043691c21785c3090e18825eb9d249862872929fb14f16425a8a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      84B

                                      MD5

                                      a8083adf86120161be69f1578c1a3cbc

                                      SHA1

                                      0769ed36967c58214ce080821731481e3ae7f168

                                      SHA256

                                      499b49cc6feb0d1751f02a4ee0733f7c488d56001f3d3175624f7cb34457639b

                                      SHA512

                                      7fa5bad5ebe986b8c42b62ce20e3c0a21ad06a087aecd4bfe6fe24d066e5401f0f5e8f1bf25eefd29ca2ffb2068f7375659966df28d363efb73b33977219502f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57fb58.TMP
                                      Filesize

                                      89B

                                      MD5

                                      bf1f2459734fff6c80e8add7108d1c00

                                      SHA1

                                      d7cf82e4fc7131dcd06c8a1d2f2cec71e5aacd37

                                      SHA256

                                      f8c9cf3d8b75a1984e3d2a794957c4ab6b1f65181a5516705e91ceaeffe41ce5

                                      SHA512

                                      9fde4ee296e38f09b871d5b766aeb5d2fd73ac6a07093f67fef7cb2839e1b5164165feee174c4ae374c8767fb2fc1a403906030e47ff3b0bcca74d3be6d11dc8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      e6d2d9a0d4c54d045939ac4af5cdbf35

                                      SHA1

                                      2d5d285f835ade73e23af60c6fa76629be5189bd

                                      SHA256

                                      b733c617d3fae7a941502f96cce0d304f854e7ec03d9850ae1e578ce90ac3caa

                                      SHA512

                                      7910b4427798e92c309cc1244e0162cdf01721b6fa68c67535d0716ac8375ad0ae2e3db802415f41d1eed2086b93991596f20a5ee5b1624d544e2eacbd1ee228

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584a62.TMP
                                      Filesize

                                      48B

                                      MD5

                                      9f3bd2c9f5827fa5b15e55f0deafc794

                                      SHA1

                                      fae7a8c20263661eaa35574deacdbcee4519420a

                                      SHA256

                                      85c5db863e8d1946bda98b454da08e33f7b2818988d0d6a31455261fb6db2d85

                                      SHA512

                                      f10fa9bbf45e93ad712481f5ec5adca5bfa2d27c647ad0e13787640e2eec5a1ba59ee00a399949e1ab3f7bf7dd17c56c33d8cb433cf86e80202efdc5f0f5795f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      2ad71103f735a6f8e3238183934ff079

                                      SHA1

                                      84c5a8d1b44162235262196446df295d955ee042

                                      SHA256

                                      3bf29e7d6692f7984c631873d44c7ad498c9b2c3e1dfa96eecc79765de24de04

                                      SHA512

                                      7cb8172ae7bd9d9bd3d6499a3cbef0c7f9c9f8c8cff281bf3ecbe424bbc2df29d0c110aa7df2f7fc35ac266c2625d3ab343b563248d9f6ace0b7b0366e6b45d4

                                      Download Submit

                                    • memory/4192-7-0x0000000000400000-0x0000000000482000-memory.dmp

                                      Filesize

                                      520KB

                                      Download

                                    • memory/4192-8-0x00000000005E0000-0x0000000000626000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/4192-3-0x0000000000400000-0x0000000000482000-memory.dmp

                                      Filesize

                                      520KB

                                      Download

                                    • memory/4192-0-0x0000000000400000-0x0000000000482000-memory.dmp

                                      Filesize

                                      520KB

                                      Download

                                    • memory/4192-2-0x00000000005E0000-0x0000000000626000-memory.dmp

                                      Filesize

                                      280KB

                                      Download

                                    • memory/4192-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download